From bec5d76c58e451fb96da11543ac79ab8ecf3bba6 Mon Sep 17 00:00:00 2001
From: Ray Gao
Date: Sun, 8 Sep 2024 17:26:53 -0400
Subject: [PATCH] Add accumulator pre-check for compression circuit
---
 Cargo.lock | 1 +
 compression/Cargo.toml | 1 +
 compression/src/circuit.rs | 54 +++++++++++++++++++++++++++++++++++---
 3 files changed, 52 insertions(+), 4 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 13c3015298..2282f6b2aa 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1029,6 +1029,7 @@ dependencies = [ "serde", "serde_json", "serde_stacker", + "snark-verifier 0.1.0", "snark-verifier 0.1.8", "snark-verifier-sdk 0.0.1", "snark-verifier-sdk 0.1.8",
diff --git a/compression/Cargo.toml b/compression/Cargo.toml
index 9dbc53d539..93cfef3c58 100644
--- a/compression/Cargo.toml
+++ b/compression/Cargo.toml
@@ -16,6 +16,7 @@ halo2_proofs.workspace = true
 halo2curves.workspace = true
 ce-snark-verifier.workspace = true
 ce-snark-verifier-sdk.workspace = true
+snark-verifier.workspace = true
 snark-verifier-sdk.workspace = true
 [dev-dependencies]
diff --git a/compression/src/circuit.rs b/compression/src/circuit.rs
index e42f72b84f..b775c095b4 100644
--- a/compression/src/circuit.rs
+++ b/compression/src/circuit.rs
@@ -2,7 +2,7 @@
 use crate::params::ConfigParams;
 use ark_std::{end_timer, start_timer};
-use ce_snark_verifier::halo2_base::gates::circuit::{BaseConfig, CircuitBuilderStage};
+use ce_snark_verifier::{halo2_base::gates::circuit::{BaseConfig, CircuitBuilderStage}, system::halo2::transcript};
 use ce_snark_verifier_sdk::{
 halo2::aggregation::{AggregationCircuit, AggregationConfigParams, VerifierUniversality},
 CircuitExt as CeCircuitExt, SHPLONK,
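Review bot: The new `snark-verifier.workspace = true` line in compression/Cargo.toml carries no explanation for linking a second verifier crate. The Cargo.lock hunk appears to resolve it to `snark-verifier 0.1.0`, alongside the `snark-verifier 0.1.8` entry already listed. The pre-check added in circuit.rs would then run on a different verifier release from the one already in the dependency list, and the two could differ in how they parse or accept a proof. A comment above the line, such as `# native accumulator pre-check on input snarks; review together with ce-snark-verifier upgrades`, would record why both are needed.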
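Review bot: The widened import in the first circuit.rs hunk brings in `system::halo2::transcript`, which nothing in the visible hunks refers to. The same holds in the second import hunk for `Fq`, `G1Affine`, `G2Affine`, `Bdfg21`, `Kzg`, `KzgAs` and `AccumulationSchemeProver`. Generic arguments appear to have been lost from this page, so some of these may be used in a type annotation that is not shown. Any that are truly unused should be dropped, which keeps `cargo clippy` clean and makes it easier to audit which verifier APIs this file relies on. The single-line `use ce_snark_verifier::{...}` would also be re-wrapped by `cargo fmt`.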
@@ -10,11 +10,21 @@ use ce_snark_verifier_sdk::{
 use halo2_proofs::{
 circuit::{Layouter, SimpleFloorPlanner},
 plonk::{Circuit, ConstraintSystem, Error, Selector},
- poly::kzg::commitment::ParamsKZG,
+ poly::{commitment::ParamsProver, kzg::commitment::ParamsKZG},
 };
-use halo2curves::bn256::{Bn256, Fr};
+use halo2curves::{bn256::{Bn256, Fq, Fr, G1Affine, G2Affine}, pairing::Engine};
 use rand::Rng;
-use snark_verifier_sdk::CircuitExt;
+use snark_verifier::{
+ loader::native::NativeLoader,
+ verifier::PlonkVerifier,
+ pcs::{
+ kzg::{Bdfg21, Kzg, KzgAccumulator, KzgAs},
+ AccumulationSchemeProver,
+ },
+};
+use snark_verifier_sdk::{
+ types::{PoseidonTranscript, Shplonk, POSEIDON_SPEC}, CircuitExt,
+};
 use std::fs::File;
 /// Input a proof, this compression circuit generates a new proof that may have smaller size.
@@ -89,6 +99,7 @@ impl CompressionCircuit {
 has_accumulator: bool,
 rng: impl Rng + Send,
 ) -> Result {
+ verify_snark_accumulator_pairing(&snark, ¶ms).expect("Compression circuit accumulator pre-check should not fail.");
 Self::new_from_ce_snark(params, to_ce_snark(&snark), has_accumulator, rng)
 }
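Review bot: The pre-check added in the `-89,6 +99,7` hunk ends in `.expect(...)`, so a snark whose accumulator does not pair aborts the process even though the enclosing function already returns a `Result`. A prover that builds this circuit from a proof it did not produce itself would then crash on a bad input instead of rejecting it. Converting the error and using `?` keeps the failure on the normal error path, e.g. `verify_snark_accumulator_pairing(&snark, &params).map_err(to_circuit_error)?;`. Here `to_circuit_error` is a placeholder, because the return type's parameters are not visible on this page and the signature starts outside the hunk. The check also sits only in this wrapper: the `Self::new_from_ce_snark(...)` call below it is a separate entry point, and callers that use it directly skip the pre-check.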
@@ -110,6 +121,41 @@ impl CompressionCircuit {
 }
 }
+pub(crate) fn verify_snark_accumulator_pairing<'a>(
+ snark: &'a snark_verifier_sdk::Snark,
+ params: &ParamsKZG
+) -> Result<&'a snark_verifier_sdk::Snark, snark_verifier::Error> {
+ let svk = params.get_g()[0].into();
+ let mut transcript_read =
+ PoseidonTranscript::::from_spec(&[], POSEIDON_SPEC.clone());
+
+ transcript_read.new_stream(snark.proof.as_slice());
+
+ let proof = Shplonk::read_proof(
+ &svk,
+ &snark.protocol,
+ &snark.instances,
+ &mut transcript_read,
+ );
+
+ let acc = Shplonk::succinct_verify(&svk, &snark.protocol, &snark.instances, &proof)[0].clone();
+
+ let KzgAccumulator { lhs, rhs } = acc;
+ let left = Bn256::pairing(&lhs, ¶ms.g2());
+ let right = Bn256::pairing(&rhs, ¶ms.s_g2());
+
+ log::trace!("compression circuit accumulator pre-check: left {:?}", left);
+ log::trace!("compression circuit accumulator pre-check: right {:?}", right);
+
+ if left != right {
+ return Err(snark_verifier::Error::AssertionFailure(format!(
+ "accumulator check failed {left:?} {right:?}",
+ )));
+ }
+
+ Ok(snark)
+}
+
 fn load_params() -> AggregationConfigParams {
 let path = std::env::var("COMPRESSION_CONFIG")
 .unwrap_or_else(|_| "configs/compression_wide.config".to_owned());
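Review bot: `verify_snark_accumulator_pairing` pairs only element `[0]` of what `Shplonk::succinct_verify` returns, so any further accumulators are never checked and an empty result panics on the index. More than one could be returned when, for instance, the snark's protocol carries accumulators from an earlier aggregation layer, which the `has_accumulator` flag on the caller suggests is possible. Looping over every returned accumulator and failing on the first mismatch closes that gap; the rewritten lines are below. The values from `read_proof` and `succinct_verify` are used directly, so it should be confirmed for the pinned snark-verifier version whether malformed proof bytes yield an `Err` or a panic inside the library. The function also has no doc comment; a `///` line saying it natively checks `e(lhs, g2) == e(rhs, s_g2)` before the circuit is built would help.

```rust
    // … unchanged: svk, transcript setup and read_proof …
    let accumulators =
        Shplonk::succinct_verify(&svk, &snark.protocol, &snark.instances, &proof);
    if accumulators.is_empty() {
        return Err(snark_verifier::Error::AssertionFailure(
            "succinct_verify returned no accumulator".to_owned(),
        ));
    }
    for KzgAccumulator { lhs, rhs } in accumulators {
        let left = Bn256::pairing(&lhs, &params.g2());
        let right = Bn256::pairing(&rhs, &params.s_g2());
        // … unchanged: trace logging and the `left != right` error return …
    }
    Ok(snark)
```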